COMMAND

    MS Proxy

SYSTEMS AFFECTED

    MS Proxy Server 2.0

PROBLEM

    Rui  Martins  found  following.   In  his  network we use MS Proxy
    Server 2.0 to connect to the  internet.  They choosed to use  only
    the "Web Proxy" service and not the SOCKS or the WinSock  service.
    It works fine with  WWW access, but in  the "FTP read" anyone  can
    download  files  even  if  his   username  isn't  listed  on   the
    "Permissions" tab of the "Web Proxy Service".

SOLUTION

    The solution is to start the "WinSock Service" (even if we do  not
    use  it)  and  in  the  "Permissions"  tab mark the "Enable Access
    Control" and  the "Unlimited  access" check  without choosing  any
    user  (even  those  that  should  have  the  ftp  and www access).
    MS-Portugal said that the Proxy were redirecting calls between the
    port  80  to  the  21  (internally)  and  that's why we must block
    explicitely the  "WinSock" service,  starting it  and blocking all
    access made through it.